Sandspit

Getting Started

Procore Integration

Sandspit connects directly to your Procore account using secure OAuth 2.0 authentication. This guide explains how the connection works, how access is inherited, and what project data Sandspit uses for grids, validation, and imports.

Authentication

Sandspit uses Procore's OAuth 2.0 flow for authentication. When you sign in, you're redirected to Procore where you authorize Sandspit to access your data.

Key points about authentication:

  • No password storage — We never see or store your Procore password
  • Token-based access — We receive a secure access token from Procore
  • Automatic refresh — Tokens are refreshed automatically to maintain your session
  • Revocable access — You can revoke Sandspit's access anytime from Procore

Multi-Company Support

If you have access to multiple companies in Procore, Sandspit will detect all of them. You can switch between companies using the company selector.

Permissions

Sandspit inherits your existing Procore permissions. You'll only see and be able to modify data you already have access to in Procore.

Permission Levels

Procore Permission Sandspit Access
Admin Full access to supported project data based on enabled Procore tools
Standard View and edit supported records you have access to
Read Only View supported records only, no editing capabilities

Permissions come from Procore. If your Procore project access changes, Sandspit updates what you can see and edit based on that access.

Project Data

Sandspit uses project data and field options from Procore so teams can review records, validate imports, and sync reviewed updates back to the right project.

What Sandspit Uses

For each enabled project, Sandspit uses the data needed for active workflows:

  • Submittals and RFIs — Supported grid records with readable field values
  • Change event context — Field options needed to validate and sync imports
  • Directory data — Users, companies, vendors, and assignee options
  • Budget code options — Cost codes, line item types, WBS segments, and related project settings
  • Custom fields — Custom field definitions and values where supported
  • Attachments — Attachment metadata where supported; files remain in Procore

File Storage

For Procore attachments viewed from the grid, Sandspit links back to Procore-hosted files.

Security

We take the security of your data seriously. Here's how we protect your information:

  • Encrypted in transit — All data is transmitted over HTTPS/TLS
  • Encrypted at rest — Stored data is encrypted according to Sandspit's production security controls
  • Access controls — Strict permission enforcement based on Procore access
  • Permission-aware access — Project access follows Procore permissions

For more details about our security practices, see our Privacy Policy and Terms of Service.

Previous
Where Sandspit Runs
Next
Change Event Imports

Schedule a Demo

See how Sandspit helps construction teams manage submittals, RFIs, and change-event intake across Procore projects.